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Question: 1 


Identify the two security features incorporated in the Oracle Solaris 11 Cryptographic Framework. 


A. Layer 5 IP address encryptions 

B. Internet protocol security 

C. Diffie-Kerberos coaxial key encryption 

D. Signed cryptographic plugins (providers) 
E. Kernel support for signed antivirus plugins 


Answer: D, E 


Explanation: 

The framework enables providers of cryptographic services to have their services used by many 
consumers in the Oracle Solaris operating system. Another name for providers is plugins. The 
framework allows three types of plugins: 

* User-level plugins - Shared objects that provide services by using PKCS #11 libraries, such as 
pkcs11_softtoken.so.1. 

* Kernel-level plugins - Kernel modules that provide implementations of cryptographic algorithms in 
software, such as AES. 

Many of the algorithms in the framework are optimized for x86 with the SSE2 instruction set and for 
SPARC hardware. 

* Hardware plugins - Device drivers and their associated hardware accelerators. The Niagara chips, 
the ncp and n2cp device drivers, are one example. A hardware accelerator offloads expensive 
cryptographic functions from the operating system. The Sun Crypto Accelerator 6000 board is one 
example. 

Reference: Oracle Solaris Cryptographic Framework 
http://docs.oracle.com/cd/E19963-01/html/821-1456/scf-10 


Question: 2 


Review the ZFS dataset output that is displayed on your system: 


Which four correctly describe the output? 


A. /data/file4 has been added. 

B. The link /data/file3 has been added. 

C. /data/file3 has been renamed to /data/file13. 
D. /data/file4 has been modified and is now larger. 
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E. /data/file1 has been deleted. 

F. /data/filel has been modified and is now smaller. 
G. /data/fileS has been modified. 

H. /data/file3 (a link) has been removed. 


Answer: A, C, E, G 


Explanation: 

A: + Indicates the file/directory was added in the later dataset 

C: R_ Indicates the file/directory was renamed in the later dataset 

E:- Indicates the file/directory was removed in the later dataset 

G: M_ Indicates the file/directory was modified in the later dataset 

Note: Identifying ZFS Snapshot Differences (zfs diff) 

You can determine ZFS snapshot differences by using the zfs diff command. 

The following table summarizes the file or directory changes that are identified by the zfs diff 
command. 

File or Directory Change Identifier 

* File or directory is modified or file or directory link changed 

M 

* File or directory is present in the older snapshot but not in the newer snapshot 
* File or directory is present in the newer snapshot but not in the older snapshot 
+ 

* File or directory is renamed 

R 


Question: 3 


Which five statements describe options available for installing the Oracle Solaris 11operating system 
using the installation media? 


A. You can perform a text or LiveCD installation locally or over the network. 

B. The text Installer does not install the GNOME desktop. The GNOME desktop package must he 
added after you have installed the operating system. 

C. The LiveCD Installation cannot be used to install multiple instances of Oracle Solaris. 

D. The LiveCD installer cannot be used if you need to preserve a specific Solaris Volume Table of 
Contents (VTOC) slice in your current operating system. 

E. The LiveCD Installer is for x86 platforms only. 

F. The GUI installer cannot be used to upgrade your operating system from Solaris 10. 

G. If you are installing Oracle Solaris 11 on an x86-based system that will have more than one 
operating system installed in it, you cannot partition your disk during the installation process. 
H. The LiveCD installer can be used for SPARC or x86 platforms. 


Answer: BCDEF 


Explanation: 
A: If the network is setup to perform automated installations, you can perform a text installation over 
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the network by setting up an install service on the network and selecting a text installation when the 
client system boots. 

B: After a fresh install of Solaris 11 express, only the console mode is activated. 

To add Gnome, simply do : 

S sudo pkg install slim_install 

This will install additional packages that are not installed by default. 

D: The text installer advantages over the GUI installer include: 

* In addition to modifying partitions, the text installer enables you to create and modify VTOC slices 
within the Solaris partition. 

F: How do | upgrade my Solaris 10 or lower systems to Solaris 11? 

Unfortunately, you CAN'T. There is no direct upgrade installer or other tool that will allow you to 
upgrade from earlier releases of Solaris to Solaris 11. This is primarily due to the vast changes in the 
packaging mechanism in Solaris 10. 

Incorrect answers: 

E: Both installers can be used to install Oracle Solaris on the x86 platform. The text installer can also 
be used to install Oracle Solaris on the SPARC platform. 

G: Both installers enable you to select, create, or modify disk partitions during an installation. 

H: Both installers can be used to install Oracle Solaris on the x86 platform. The text installer can also 
be used to install Oracle Solaris on the SPARC platform. 

Reference: Oracle Solaris 11 Information Library, Comparing Installation Options 


Question: 4 


When setting up Automated Installer (Al) clients, an interactive tool can be used to generate a 
custom system configuration profile. The profile will specify the time zone, data and time, user and 
root accounts, and name services used for an Al client installation. This interactive tool will prompt 
you to enter the client information and an SC profile (XML) will be created. 

Which interactive tool can be used to generate this question configuration? 


A. sys-unconfig 

B. installadm set-criteria 

C. sysconfig create-profile 
D. installadm create-profile 


Answer: B 


Explanation: 
Use the installadm set-criteria command to update the client criteria associated with an Al manifest 
that you already added to a service using installadm add-manifest. 
Use the installadm add-manifest command to add a custom AIl manifest to an install service. 
The value of manifest is a full path and file name with .xml extension. The manifest file contains an Al 
manifest (installation instructions). The manifest file can also reference or embed an SC manifest 
(system configuration instructions). 
Incorrect answers: 
A: The sys-unconfig command is used to restore a system's configuration to 

an "as-manufactured" state, ready to be reconfigured again. 
C: You can use the sysconfig create-profile command to create a new system configuration profile. 
The sysconfig command affects all functional groupings in the Solaris instance. 
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D: Use the installadm create-profile command to add a system configuration profile to an install 
service. The create-profile subcommand validates profiles before adding them to the install service. 
Specify criteria so that appropriate clients select that configuration profile. If no criteria are specified, 
all clients use this profile. 


Question: 5 


Review the zonestat command: 
zonestate - q physical - memory -R high -z -p -p “zones” 10 24h 60m 
Select the option that correctly describes the information that is displayed by this command. 


A. It is a sample of dbzone’s physical memory usage taken every hour over a 24-hour period. 
Only the top 10 samplings of peak memory usage are displayed. 

All other utilization data is eliminated. 

B. It is asample of dbzone’s CPU, virtual memory, and networking utilization. 

Physical memory is executed from the report. 

The sampling is taken every 10 minutes over a 24-hour period and peak utilization id displayed each 
hour. 

C. It is a sample of dbzone’s CPU, virtual memory, and networking utilization. 

Physical memory is executed from the report. 

The sampling is taken every 10 minutes over a 24-hour period and displayed each hour. 

D. It is a sample of dbzone’s physical memory usage taken every 10 seconds and 24-hour period. 
Only peak virtual memory usage and CPU utilization are displayed each hour. 

All other Utilization data is eliminated. 

E. It is a sample of dbzone’s physical memory usage taken every 10 seconds and 24-hour period. 
Only peak memory usage is displayed each hour. 

All other utilization data is eliminated. 


Answer: D 


Explanation: 

* (Not A, B, C): interval (here 10 seconds): Specifies the length in seconds to pause between each 
interval report. 

* duration (here 24 h) 

* -R report[,report] (here high) 

Print a summary report. 

high Print a summary report detailing the highest usage of each resource and zone during any 
interval of the zonestat utility invocation. 

Note: The zonestat utility reports on the cpu, memory, and resource control utilization of the 
currently running zones. Each zone's utilization is reported both as a percentage of system resources 
and the zone's configured limits. 

The zonestat utility prints a series of interval reports at the specified interval. It optionally also prints 
one or more summary reports at a specified interval. 

The default output is a summary of cpu, physical, and virtual memory utilization. The -r option can be 
used to choose detailed output for specific resources. 


Question: 6 
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You are configuring NFS on a server. Select the two statements that are true. 


A. Resources listed in /etc/dfs/dfstab are automatically shared on boot up. 

B. A directory cannot be shared if a subdirectory below it is already shared. 

C. Renaming a share created with the zfs set share command is not supported. 

D. NFS and SMB protocols cannot be used simultaneously to share the same directory. 


Answer: A, C 


Explanation: 

A: ZFS can automatically share file systems by setting the sharenfs property. Using this property, you 
do not have to modify the /etc/dfs/dfstab file when a new file system is shared. The sharenfs 
property is a comma-separated list of options to pass to the share command. The value on is an alias 
for the default share options, which provides read/write permissions to anyone. The value off 
indicates that the file system is not managed by ZFS and can be shared through traditional means, 
such as the /etc/dfs/dfstab file. All file systems whose sharenfs property is not off are shared during 
boot. 

Incorrect answers: 

D: A share can define options for both NFS and SMB sharing. 


Question: 7 


You have already generated a 256-bit AES raw key and named the keystore file /mykey. You need to 
use the key to create an encrypted file system. 

Which command should you use to create a ZFS encrypted file system named pool1/encrypt using 
the /mykey keystore? 


A. zfs create - o encryption = /mykey pool1/encrypt 

B. zfs create - o encryption = 256-ccm - o keysource = raw, file : ///my key pool1/encrypt 
C. zfs create - o encryption = AES keysource = /mykey pool1/encrypt 

D. zfs create - o encryption = on keystore = /mykey pool1/encrypt 


Answer: B 


Explanation: 

Example: Encrypting a ZFS File System by Using a Raw Key 

In the following example, an aes-256-ccm encryption key is generated by using the pktool command 
and is written to a file, /cindykey.file. 

# pktool genkey keystore=file outkey=/cindykey.file keytype=aes keylen=256 

Then, the /cindykey.file is specified when the tank/home/cindy file system is created. 

# zfs create -o encryption=aes-256-ccm -o keysource=raw, file:///cindykey.file tank/home/cindys 
Reference: Oracle Solaris ZFS Administration Guide, Examples of Encrypting ZFS File Systems 


Question: 8 


You need to set up an Oracle Solaris 11 host as an iSCSI target so that the host's disk can be accessed 


https://www.certkillers.net 


Questions & Answers PDF Page 7 


over a storage network. The disk device is c3t4d0. 
Which six options describe the steps that need to be taken on this host to enable an iSCSI target? 


A. Create a ZFS file system named iscsi/target. 

B. Create a zpool named iscsi with disk device c3t4d0 

C. Create zfs volume named iscsi/target. 

D. Use the stmfadm command to create a LUN using /dev/zvol/rdsk/iscsi/target. 
E. Use the stmfadm command to create a LUN using iscsi/target. 

F. Use the stmfadm command to make the LUN viewable. 

G. Use the stmfadm command to make the volume viewable. 

H. Enable the svc:/network/iscsi/target:default Service. 

|. Use the itadm command to create the iSCSI target. 


Answer: B, C, D, F, H, I 


Explanation: 

How to Create an iSCSI LUN 

The following steps are completed on the system that is providing the storage device. 

1.Create a ZFS storage pool. 

Example: target# zpool create sanpool mirror c2t3d0 c2t4d0 

(C)2. Create a ZFS volume to be used as a SCSI LUN. 

(D)3. Create a LUN for the ZFS volume. 

Example: 

target# stmfadm create-lu /dev/zvol/rdsk/sanpool/vol1 

Logical unit created: 600144F0B5418B0000004DDAC7C10001 

4. Confirm that the LUN has been created. 

Example 

target# stmfadm list-lu 

LU Name: 600144F0B5418B0000004DDAC7C10001 

(F) 5. Add the LUN view. 

This command makes the LUN accessible to all systems. 

target# stmfadm add-view 600144F0B5418B0000004DDAC7C10001 

How to Create the iSCSI Target 

This procedure assumes that you are logged in to the local system will contains the iSCSI target. 
Note: The stmfadm command manages SCSI LUNs. Rather than setting a special iSCSI property on the 
ZFS volume, create the volume and use stmfadm to create the LUN. 

(H) 1. Enable the iSCSI target service. 

target# svcadm enable -r svc:/network/iscsi/target:default 

(1) 2. Create the iSCSI target. 

target# itadm create-target 

Reference: Oracle Solaris Administration: Devices and File Systems, Configuring iSCSI Devices With 
COMSTAR 


Question: 9 


Identify the Automated Installer’s (Al) equivalent to jumpStart’s finish scripts and sysidcfg files. 


A. Manifest files 
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B. SMF system configuration profile files 

C. Installadm create - client 

D. IPS software package repository 

E. installadm create-service 

F. svccfg - s application/pkg/server setprop sysidcfg 


Answer: B 


Explanation: 

Comparing sysidcfg File Keywords to System Configuration Profile Directives 

The following table compares sysidcfg file keywords with example Al system configuration profile 
specifications. 

sysidcfg File Keyword 

System Configuration Profile Directives 

Etc. 

Reference: http://docs.oracle.com/cd/E23824_01/html/E21799/config-1 


Question: 10 


You need to update an OS image on a client. The pkg publishers command displays the wrong 
publisher with the wrong update: 


PUBLISHER TYPE STATUS URI 

Solaris origin online http://pkg.oracle.com/solaris/release 
The update is available on the updated publisher: 

PUBLISHER TYPE STATUS URI 

Solaris origin online http://sysA.example.com 


Select the option that describes the procedure used to update the OS image on the system from the 
updated publisher. 


A. Copy the repository from the ISO image onto the local client. 

Configure the repository on the client by using the svccfg - s command so that the Solaris publisher is 
connected to the new repository. 

Refresh the application/pkg/server service. 

Issue the pkgrepo refresh command to refresh the repository catalog 

B. Configure the publisher on the client using the svcfg - s command so that the Solaris publisher is 
connected to the repository at http://sysA.example.com 

Refresh the application/pkg/server service. 

Issue the pkgrepo refresh command to repository catalog 

C. Use the pkg set-publisher command to change the URL of the publisher Solaris to 
http://sysA.example.com. 

Issue the pkg update command to update the OS image. 

D. Add the new publisher http://sysA.example.com Solaris 

Use the pkg set-publisher command to set the publisher search order and place 
http://sysA.example.com of http://pkg.oracle.com/solaris/release 

Issue the pkg publisher command to view the publishers. 

Set the new publisher to sticky. 

Issue the pkg update command to update the OS image. 
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Answer: C 


Explanation: 

You can use the pkg set-publisher command to change a publisher URI. 

Changing a Publisher Origin URI 

To change the origin URI for a publisher, add the new URI and remove the old URI. Use the -g option 
to add a new origin URI. Use the -G option to remove the old origin URI. 

# pkg set-publisher -g http://pkg.example.com/support \ 

-G <http://pkg.example.com/release example.com> 

Note: You can use either the install or update subcommand to update a package. 

The install subcommand installs the package if the package is not already installed in the image. If 
you want to be sure to update only packages that are already installed, and not install any new 
packages, then use the update subcommand. 

Reference: Oracle Solaris 11 Express Image Packaging System Guide, Managing Package Publishers 
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